fix(oauth2_common): wrap underlying error in findOrCreateUser terminal fallthrough #234
Merged
Copilot created this pull request from a session on behalf of veverkap, May 10, 2026 18:23
Pull request overview
Fixes lost diagnostic context in handler.findOrCreateUser by ensuring the terminal race-retry fallthrough wraps the underlying store error (%w) instead of returning a bare fmt.Errorf without the root cause.
Changes:
- Hoists `err` out of the `FindByEmail` `if` initializer so it remains in scope for the terminal return.
- Wraps the final fallthrough error with `%w`, preserving the underlying `ErrNotFound` (and error chain) for logging and `errors.Is`.
| File | Description |
|---|---|
| `handler/oauth2_common.go` | Preserves underlying error context in the terminal race-retry failure path of findOrCreateUser. |
Copilot's findings
- Files reviewed: 1/1 changed files
- Comments generated: 1
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
github-actions Bot added a commit that referenced this pull request, May 11, 2026
…reateUser The fix in #234 wraps the terminal ErrNotFound fallthrough in findOrCreateUser with context ("failed to resolve user after race retry"). Update the OAuth2Handler and OIDCHandler callback-behaviour sections to document this rare edge case: when the race-retry still cannot locate the user, the callback returns HTTP 500 and logs the wrapped error under the existing 'user resolution failed' slog message. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
veverkap added a commit that referenced this pull request, May 11, 2026
…reateUser (#252)
* docs(handler): document race-retry terminal error wrapping in findOrCreateUser
  The fix in #234 wraps the terminal ErrNotFound fallthrough in findOrCreateUser with context ("failed to resolve user after race retry"). Update the OAuth2Handler and OIDCHandler callback-behaviour sections to document this rare edge case: when the race-retry still cannot locate the user, the callback returns HTTP 500 and logs the wrapped error under the existing 'user resolution failed' slog message.
  Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* docs(handler): fix error string, terminology, and JSON note in race-retry docs
  - Use full error string "failed to resolve user after race retry: not found" instead of the truncated wrapper-only form in both oauth2.md and oidc.md
  - Replace inverted "wrapped cause" phrasing with "error" in oidc.md so the outer wrapper and inner cause are not confused
  - Rephrase scenario from "account was removed" to "inconsistent-store outcome (e.g. concurrent deletion or read-after-write lag)" to avoid over-asserting the cause of the ErrNotFound fallthrough
  - Change "Callback does not return JSON" to "does not return JSON on success" to match oauth2.md and reflect that error paths do return JSON
---------
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Patrick Veverka <veverkap@users.noreply.github.com>
Bug Fix
What was the bug?
The terminal return in `findOrCreateUser()` used a bare `fmt.Errorf` with no `%w`, discarding the underlying error entirely. Every other error path in the function wraps with `%w`; this one silently swallowed all diagnostic context, making production log entries useless when the race-retry path exhausted all lookup strategies.
How did you fix it?
Restructured the final `FindByEmail` block to hoist `err` out of the `if` initializer so it remains in scope at the return site, then wrapped it:
`err` here is always `auth.ErrNotFound`, but wrapping it lets callers `errors.Is` on the result and gives log entries a complete chain rather than a dead-end string.
Greptile Summary
This PR fixes a bug where the terminal return path in `findOrCreateUser()` discarded the underlying error entirely, replacing a bare `fmt.Errorf` with a `%w`-wrapped version. The fix also hoists the `FindByEmail` call out of the `if` initializer so `err` remains in scope at the return site.
- `return` now wraps `err` (always `auth.ErrNotFound` at that point) with `%w`, completing the error chain and enabling `errors.Is` checks by callers.
- Hoisting `u, err := users.FindByEmail(...)` from the `if` condition is a required correctness step to make `err` available at the return site below — a clean, minimal restructuring.
Confidence Score: 5/5
Safe to merge — the change is a small, targeted fix to a single return statement with no impact on the happy path.
The only changed line is the terminal return in the race-retry exhaustion path. The restructuring to hoist `u, err` out of the `if` initializer is mechanically necessary and correct. All existing error paths, the `linkSubjectBestEffort` call, and all `slog` usages are untouched and correct.
No files require special attention.
Important Files Changed
Flowchart
```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A([findOrCreateUser]) --> B{FindByOIDCSubject}
    B -- found --> C([return user, nil])
    B -- ErrNotFound --> D{FindByEmail}
    B -- other err --> E([return nil, err])
    D -- found --> F[linkSubjectBestEffort\nemail_match]
    F --> C
    D -- ErrNotFound --> G{CreateOIDCUser}
    D -- other err --> E
    G -- ok --> C
    G -- other err --> H([return nil, fmt.Errorf wrap])
    G -- ErrEmailExists\nrace --> I{FindByOIDCSubject\nrace retry}
    I -- found --> C
    I -- ErrNotFound --> J{FindByEmail\nrace retry}
    I -- other err --> K([return nil, fmt.Errorf wrap])
    J -- found --> L[linkSubjectBestEffort\nrace_retry]
    L --> C
    J -- other err --> M([return nil, fmt.Errorf wrap])
    J -- ErrNotFound --> N([return nil, fmt.Errorf\nfailed to resolve user after race retry: err\n now wrapped with %w])
    style N fill:#d4edda,stroke:#28a745
```
Reviews (2): Last reviewed commit: "Potential fix for pull request finding"
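
The scoping problem and the `%w` fix described in this PR, as an added example that is not the project's own code: `User`, `userStore`, `resolveBefore`, `resolveAfter` and the "find by email after race" message are hypothetical, and `ErrNotFound` stands in for `auth.ErrNotFound` with the "not found" text quoted in the docs commit above.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrNotFound stands in for auth.ErrNotFound (assumed message: "not found").
var ErrNotFound = errors.New("not found")

// User and userStore are hypothetical stand-ins for the project's types.
type User struct{ Email string }
type userStore map[string]*User

func (s userStore) FindByEmail(email string) (*User, error) {
	if u, ok := s[email]; ok {
		return u, nil
	}
	return nil, ErrNotFound
}

// resolveBefore: err lives only inside the if statement, so the terminal return drops it.
func resolveBefore(users userStore, email string) (*User, error) {
	if u, err := users.FindByEmail(email); err == nil {
		return u, nil
	} else if !errors.Is(err, ErrNotFound) {
		return nil, fmt.Errorf("find by email after race: %w", err)
	}
	return nil, fmt.Errorf("failed to resolve user after race retry")
}

// resolveAfter: err is hoisted out of the if initializer and wrapped with %w.
func resolveAfter(users userStore, email string) (*User, error) {
	u, err := users.FindByEmail(email)
	if err == nil {
		return u, nil
	}
	if !errors.Is(err, ErrNotFound) {
		return nil, fmt.Errorf("find by email after race: %w", err)
	}
	return nil, fmt.Errorf("failed to resolve user after race retry: %w", err)
}

func main() {
	empty := userStore{} // constructed input: the retry lookup finds nothing
	_, before := resolveBefore(empty, "a@example.com")
	_, after := resolveAfter(empty, "a@example.com")
	fmt.Println(before, "| errors.Is:", errors.Is(before, ErrNotFound))
	fmt.Println(after, "| errors.Is:", errors.Is(after, ErrNotFound))
}
```

With the bare `fmt.Errorf`, a caller or log pipeline that branches on `errors.Is(err, ErrNotFound)` never matches the terminal failure; with `%w` it does.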